Click here to receive your FREE subscription to Campus Technology
Home > Picking at a Virus-Ridden Corpse, Part II
Current News
Picking at a Virus-Ridden Corpse, Part II
9/24/2003
5. Virtually No One's Really Serious About Desktop Workstation Security.
I'm willing to bet that the recent viruses resulted in hundreds, if not thousands, of compromised systems on each of your campuses.
No one's watching, so let's be perfectly candid: were all those compromised systems low-level formatted and reinstalled from scratch? No? Are you really, really, comfortable that all those patched-but-not-fully-reinstalled-from-scratch machines don't have any lingering, virus-created "back doors" that just haven't been noticed yet? No?
And if a virus on those machines had completely wiped out the hard drive on each of those infested systems, would each have had a current backup? Would you at least have had a backup of the important stuff that you can't otherwise re-create?
Trust me, virtually no one's really serious about desktop workstation security. If such people exist, they would have reinstalled from scratch, using backups that most of us probably didn't have.
6. It's Not Just the Viruses and Worms.
It is really easy to get tunnel vision and think that viruses/worms are the only security threat you face. They're not.
At the same time you're dealing with viruses and worms, you should also be thinking about the steps that you'll take to deal with at least one other major security vulnerability this year.
Maybe that's physical security: What could someone with a sledge hammer and five gallons of unleaded gasoline do to your physical infrastructure?
Or maybe this is the year to go after plain-text passwords on the wire: ssh makes a nice drop in replacement for yelnet, and you can comparatively easily TLS-enable most POP and IMAP clients and servers now, just to mention two areas where encryption has come a long way without much fanfare.
In Conclusion . . .
There are plenty more lessons we could learn from these most recent infestations, but let's just stop at 10. If we can do these ten, or even some of these ten, we'll be making great progress.
J'e St Sauver, Ph.D., is Director of User Services and Network Applications., University of Oregon Computing Center. He can be reached at j'e@oregon.uoregon.edu
We know that everyone is working hard and with inadequate resources. If you’ll read back a few issues, you’ll note that, about the way folks handled the mess when the students came back to campus, we wrote: "on campus after campus, the IT staff came through with shining colors." J'e’s main point may be that you should just occasionally ask yourself whether you are about to do the lazy/expeditious thing, or the right thing – not in terms of reacting to a crisis, but in light of what might be the consequences down the road.
Joe St Sauver, Ph.D. (joe@oregon.uoregon.edu) is the director of user services
and network applications at the University of Oregon Computing Center.
Cite this Site
, Joe St Sauver, "Picking at a Virus-Ridden Corpse, Part II," Campus Technology, 9/24/2003, http://www.campustechnology.com/article.aspx?aid=39508
copy text (above) for proper citation
Recommended Reading
- IT Trends :: Thursday, August 14, 2008
:::::: RESEARCH
:: Higher Education Fertile Ground for 802.11n WiFi, ABI Reports
:::::: IT NEWS
:: U New Hampshire Consolidates Backup and Recovery Environments
:: System Center Update Promises Energy Savings
:: Stephens College Automates Campus Administration with PowerCampus UDC
:: Chapman University To Deploy Campus-wide WiFi
:: Ultimus Releases New Version of Adaptive BPM
:: Utah Education Network Selects To Deliver High-speed Internet Access and Metro Services via XO
:: Video Spotlight: Google, Microsoft Go Head to Head in Edu Space - C-Level View :: August 13, 2008
:::::: EXECUTIVE VIEW
: ERP: More Than System Functionality
:::::: WORTH NOTING
: Open Source Brings Down Cost of Wireless Rollout
: Polytechnic Institute of NYU Deploys Array Networks' SSL VPN
: KU Medical Center Installs Real-time Beacon System
: Utah Education Network Selects To Deliver High-speed Internet Access and Metro Services via XO
: Video Spotlight: Google, Microsoft Go Head to Head in Edu Space - SmartClassroom :: Wednesday, August 13, 2008
:::::: FOCUS
: Open Source Brings Down Cost of Wireless Rollout
:::::: NEWS and PRODUCT UPDATES
: Skoobit Launches Online College Textbook Rental Service
: Virginia Tech Tries 'Compliance Sheriff' To Improve Web Site Accessibility
: Utah Education Network Selects To Deliver High-speed Internet Access and Metro Services via XO
: Collexis' Lawriter Debuts Social Network for Law Students
: Promethean, Simtrol Use Activeboard To Manage Classroom Devices - News Update :: Tuesday, August 12, 2008
:::::: NEWS
: U Toronto Team Wins 2008 Innovate Canada Competition
: Terracotta Integrates Sun's VisualVM
: IBM Touts Linux Strategy with New Virt, SuSE, Supercomputer Intiatives
: Open Source: A 'Growing Challenge' to Microsoft
: Internet Freedom: Google, Microsoft, Yahoo Near Agreement
: Pepperdine U Upgrades WiFi with Xirrus Arrays
: IBM To Team with Linux Vendors on 'Microsoft-Free' PCs
: Security Woes Up, as PHP and OSS Make the List
: CourseCast 2.0 Adds Podcasting, Streaming Media Features to Free Lecture Capture System - Campus Security :: August 8, 2008
:::::: SPOTLIGHT
: A Cheapskate's Guide to Free Security Software
:::::: CAMPUS SECURITY NEWS
: Collaboration Key to Security, Microsoft Says
: IBM Unveils New Software Designed To Streamline eDiscovery
: Security Woes Up, as PHP and OSS Make the List
: Apple Reacts to Spoof Threats, Issues DNS Hotfix
: Reflex Security Releases Virtual Security Center
: Moravian College Turns to Appliance To Deter Malware and Botnet Activity
: Sophos Upgrades Web Security Appliance
: Most Malware Found on Trusted Web Pages, Report Says - IT Trends :: Thursday, August 7, 2008
:::::: WIRELESS
:: Drexel Sees 802.11n as Logical Leap
:::::: IT NEWS
:: Pepperdine U Upgrades WiFi with Xirrus Arrays
:: CourseCast 2.0 Adds Podcasting, Streaming Media Features to Free Lecture Capture System
:: Roanoke College Gets Personal with CRM
:: Hobart and William Smith Colleges Wrap First Phase of CRM Implementation
:: Higher Ed Least Likely Sector To Adopt Energy Management Policies
:: Katana Brings Education Content to Sakai Open Source LMS
:: Universities in Indiana, North Dakota, New York Deploy Oracle Software
